SSH Daemon - Did anything change from 1.2.2-RELEASE to 1.2.3?



  • Hello there,

    I'm troubleshooting an issue I've been experiencing with a J2ME SSH client I use from my Blackberry for remote administration purposes.

    I have found that I can no longer connect to 1.2.3-RELEASE pfSense boxes.  1.2-RELEASE and 1.2.2-RELEASE boxes continue to function just fine.

    The error I pull from my BB is :

    Name: BBSSH
    GUID: 3b876f970927ae00
    Time: Mar 05, 2010 11:27:38
    xxxxxxxx.dyndns.org:63777 reports: I/O operation attempted on closed stream/connection

    I don't see anything meaningful from the pfSense logs in the GUI.  I am NOT using a key - just username and password.

    Any help would be appreciated!

    – Phob


  • Rebel Alliance Developer Netgate

    There were OS changes (From FreeBSD 7.0 to 7.2) and I'm fairly certain the underlying OpenSSH daemon was updated during that time because it's part of the base OS from FreeBSD.



  • Thanks for the info jimp.

    I didn't initially detect the issue as I usually have access via a PC and Putty never stopped working.  My iPhone clients still work too, but the java SSH client I use on the BB isn't cooperating.

    Anyway - I guess I'll have to try to create a FreeBSD virtual machine at some point and fuss with the different combos…

    Thanks for the response.

    -- Phob



  • Hi again,

    Just thought I would post that a solution to this issue has been discovered.  It turns out that the default ciphers used in v1.2.3+ versions do not support the 3des-cbc cipher, which is what my SSH client uses.

    Manually editing /etc/sshd to add this cipher to the list solves my issue :

    Change the line :

    $sshconf = "Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc\n";

    … to this :

    $sshconf = "Ciphers 3des-cbc,aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc\n";

    I'll post this to the bug tracker as well.

    Thanks,

    -- Phob
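
Why a missing cipher shows up as a dropped connection, as an added example that is not part of the original thread or pfSense's own code: under RFC 4253 the negotiated cipher is the first name in the client's list that the server also lists, and with no overlap the connection is closed. The client offer lists and the "legacy" classification below are assumptions made for this sketch.

```python
import re

# The two $sshconf lines quoted in the thread, copied verbatim.
BEFORE = r'$sshconf = "Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc\n";'
AFTER = r'$sshconf = "Ciphers 3des-cbc,aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc\n";'

# Assumed client offers (constructed for this example, in client preference order).
J2ME_CLIENT = ["3des-cbc"]
MODERN_CLIENT = ["aes256-ctr", "aes128-ctr", "3des-cbc"]


def parse_ciphers(line):
    """Extract the server cipher list from a 'Ciphers a,b,c' directive."""
    m = re.search(r"\bCiphers\s+([A-Za-z0-9@.,_-]+)", line)
    return m.group(1).split(",") if m else []


def negotiate(client_offer, server_list):
    """RFC 4253 7.1: first cipher in the client's list that the server also lists."""
    allowed = set(server_list)
    for name in client_offer:
        if name in allowed:
            return name
    return None  # no overlap: key exchange fails and the connection is closed


def legacy_enabled(server_list):
    """Assumption of this example: RC4 (arcfour*) and CBC-mode ciphers are flagged."""
    return [c for c in server_list if c.startswith("arcfour") or c.endswith("-cbc")]


if __name__ == "__main__":
    for label, line in (("before", BEFORE), ("after", AFTER)):
        server = parse_ciphers(line)
        print(label, "J2ME client ->", negotiate(J2ME_CLIENT, server))
        print(label, "modern client ->", negotiate(MODERN_CLIENT, server))
        print(label, "legacy ciphers enabled:", legacy_enabled(server))
```

The server's ordering does not decide the result: a client that prefers aes256-ctr still gets it after the edit, while the edit adds one more legacy cipher to what the daemon will accept.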

